Jun 03 05 11:29a SVIPG 



408 971 4660 



p. 9 



-6- 

REMARKS 

The Examiner has further rejected Claims 1-17 under 35 U.S.C. 102(a) as being 
anticipated by AiroPeek (for Windows Quick Tour). Applicant respectfully disagrees with 
this rejection, especially in view of the amendments made hereinabove. Specifically, in the 
spirit of expediting the prosecution of the present application, applicant has incorporated the 
subject matter of dependent Claim 16 into each of the independent claims. 

With respect to dependent Claim 16, the subject matter of which is presently 
incorporated into each of the independent claims, the Examiner has relied on AiroPeek's 
disclosure of automatic name resolution where "machine names [are automatically mapped] 
to corresponding IP and Appletalk logical addresses" (page 4-6), detecting "various internet 
attacks including 4 land\ 'tear-drop', *gin\ 'jolt', oversize-IP, 'pimp', riptrace, and 'winnuke' 
attacks" (page 8), and finding sources of specific protocol traffic (page 10). Applicant 
respectfully asserts that such teachings clearly do not meet applicant's claimed "wherein said 
step of detailed protocol analysis includes the steps of permitting a user to enter the MAC 
addresses of known access points operating in said IEEE 802.1 1(b) wireless communication 
channel; selectively activating a rogue access point detection routine; checking the addresses 
of newly detected access points against the addresses of said known access points; and 
marking for display as a rogue access point, any access point detected that is not included as a 
known access point" (see this or similar, but not identical language in each of the independent 
claims). 

Basically, AiroPeek merely teaches mapping already known machine names to IP 
addresses, detecting internet attacks and finding sources based on their protocol traffic. Such 
teaching does not include "selectively activating a rogue access point detection routine; 
checking the addresses of newly detected access points against the addresses of said known 
access points; and marking for display as a rogue access point any access point detected that 
is not included as a known access point" (emphasis added). Simply nowhere in AiroPeek is 
there any suggestion of such specific claim language, especially in view of the fact that 
detecting internet attacks is not the same as rogue access point detection. 

The Examiner is reminded that a claim is anticipated only if each and every element 
as set forth in the claim is found, either expressly or inherently described in a single prior art 
reference. Verdegaal Bros. v. Union Oil Co. Of California, 814 F.2d 628, 631, 2 USPQ2d 
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1051, 1053 (Fed. Cir. 1987). Moreover, the identical invention must be shown in as complete 
detail as contained in the claim. Richardson v. Suzuki Motor Co. 868 F.2d 1226, 1236, 
9USPQ2d 1913, 1920 (Fed. Cir. 1989). The elements must be arranged as required by the 
claim. 

This criterion has simply not been met by the AiroPeek reference, especially in view 
of the amendments made hereinabove. A notice of allowance or a specific prior art showing 
of each of the foregoing claimed features, in combination with the remaining claimed 
features, is respectfully requested. 

Applicant further notes that the prior art is also deficient with respect to the dependent 
claims. For example, with regard to dependent Claim 3, the Examiner has relied on 
AiroPeek's disclosure of setting filters for specific protocols (page 24) to make a prior art 
showing of applicant's claimed "selectively turning said detailed protocol analysis on or off 
for a particular protocol layer, whereby for a protocol layer turned off, that layer and all 
protocol layers above or higher than that layer are not subjected to a detailed protocol 
analysis." 

Applicant respectfully asserts that setting Filters, as in AiroPeek, merely filters what is 
displayed, and not what is analyzed, as is evidenced by AiroPeeks disclosure of 
u [d]isplay[ing] protocol information based on a total of the subprotocols under the parent 
protocol, or by each subprotocol broken-out in individual layers... [sjetting filters based on 
specific subprotocols is easy..." (see page 24, first row in table). Thus, Airopeek clearly does 
not teach "selectively turning said detailed protocol analysis on or off. . ..whereby for a 
protocol layer turned off, that layer and all protocol layers above or higher than that layer are 
not subjected to a det ailed protocol analysis. " as claimed by applicant (emphasis added). 

With respect to dependent Claim 6, the Examiner has relied on AiroPeek's disclosure 
of "send[ing] a notification of a user-specified severity" (page 13) to make a prior art 
showing of applicant's claimed "wherein the step of performing a detailed protocol analysis 
further includes the steps of: assigning a default severity level from a plurality of available 
severity levels for each available alarm; and selectively determining whether a particular 
alarm type is to be logged when generated." Applicant respectfully asserts that such excerpt 
clearly fails to teach applicant's specific claim language. AiroPeek merely teaches sending a 
notification, whereas applicant's claim language includes "selectively determining whether a 
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particular type is to be logged when generated" (emphasis added). Clearly notifying a user 
and logging an alarm are completely different functions. 

With respect to dependent Claim 1 1, the Examiner has relied on AiroPeek's disclosed 
"address filter" (page 14) to make a prior art showing of applicant's claimed "wherein said 
step of displaying includes the step of showing the hosts created for said IEEE 802. 1 1(b) 
wireless communication layer, and the attributes of said hosts, respectively." Applicant 
respectfully asserts that AiroPeek's address filter merely "focus[es] on packets between 
specific network devices or packets being set to or received from a device" (see page 14). 
Simply filtering packets based on sending and receiving devices in no way meets applicant's 
claim language since it completely fails to even mention "showing the hosts ... and the 
attributes of said hosts," as claimed by applicant (emphasis added). 

A notice of allowance or a specific prior art showing of aU of applicant's claim 
limitations, in combination with the remaining claim elements, is respectftilly requested. 

Still yet, applicant brings to the Examiner's attention the subject matter of new Claims 
18-19 below, which are added for full consideration: 

"wherein said step of displaying includes utilizing a plurality of viewing 
panes" (see Claim 1 8); and 

"wherein, for each available alarm, a user is capable of assigning a severity 
level chosen from the plurality of available security levels that is different from the 
default security level." (see Claim 19). 

In the event a telephone conversation would expedite the prosecution of this 
application, the Examiner may reach the undersigned at (408) 505-5100. For payment of the 
fees due in connection with the filing of this paper, the Commissioner is authorized to charge 
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such fees to Deposit Account No. 50-1351 (Order No. NAI1P200). A duplicate copy of the 
transmittal is enclosed for this purpose. 

Respectfully submitted, 
ZilteriCoT 



Y 



Kevir^j^LlKa 

£isJ#rfon No. 41,429 

P.O. Box 721120 
San Jose, C A 95172-1120 
Telephone: (408)505-5100 
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